New Snowden Bombshell: NSA Can Pose as Facebook And Hack Into Computers to Steal Computer Data

Just when you thought the NSA couldn’t get any more detestable, new information released yesterday reveals that the agency has expanded its hacking capabilities and can infect millions of computers with malware “implants.”

Documents provided by NSA whistleblower Edward Snowden detail the groundbreaking technology, which uses automated systems to hack into computers on a mass scale without much human oversight.

The documents also revealed that the NSA has pretended to be Facebook to install its malware, according to The Intercept:

In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.

The automated system the NSA is using is codenamed TURBINE and is designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.” TURBINE is listed as part of a larger NSA surveillance plan called “Owning the Net.”

Taxpayer money in the amount of $67.6 million was sought by the agency in 2013, with some specifically designated for expansion of TURBINE for “a wider variety” of networks and “enabling greater automation of computer network exploitation.”

The Intercept explained how TURBINE works:

TURBINE was designed to make deploying malware much easier for the NSA’s hackers by reducing their role in overseeing its functions. The system would “relieve the user from needing to know/care about the details,” the NSA’s Technology Directorate notes in one secret document from 2009. “For example, a user should be able to ask for ‘all details about application X’ and not need to know how and where the application keeps files, registry entries, user application data, etc.”

In practice, this meant that TURBINE would automate crucial processes that previously had to be performed manually – including the configuration of the implants as well as surveillance collection, or “tasking,” of data from infected systems. But automating these processes was about much more than a simple technicality. The move represented a major tactical shift within the NSA that was expected to have a profound impact – allowing the agency to push forward into a new frontier of surveillance operations.

The ramifications are starkly illustrated in one undated top-secret NSA document, which describes how the agency planned for TURBINE to “increase the current capability to deploy and manage hundreds of Computer Network Exploitation (CNE) and Computer Network Attack (CNA) implants to potentially millions of implants.” (CNE mines intelligence from computers and networks; CNA seeks to disrupt, damage or destroy them.)

According to the secret files, the system has been in use since at least July 2010, and the NSA has already deployed between 85,000 and 100,000 implants worldwide.

The NSA has used spam emails that trick users into clicking on malicious links. This “back-door implant,” codenamed WILLOWVIXEN, infects computers within 8 seconds. According to the documents, this method isn’t working as well as it used to because people have become more careful about clicking links in emails.

In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive.
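A defender's view of the man-on-the-side injection described above, as an added example that is not from the article or The Intercept: a party that can add packets to a connection but cannot remove the real server's reply leaves the client with two segments covering the same TCP sequence range with different bytes, and that conflict can be detected. The record layout, addresses and payloads are constructed for illustration, and sequence-number wraparound is ignored.

```python
from collections import defaultdict, namedtuple

# One captured TCP segment; this record layout is constructed for the example.
Segment = namedtuple("Segment", "src sport dst dport seq payload")

def find_conflicting_segments(segments):
    """Return (flow, seq, first_payload, later_payload) for each pair of
    segments in one flow whose byte ranges overlap but whose bytes differ.
    An ordinary retransmission repeats identical bytes and is not reported."""
    seen = defaultdict(list)              # flow -> [(seq, payload), ...]
    alerts = []
    for s in segments:
        if not s.payload:
            continue                      # bare ACKs carry nothing to compare
        flow = (s.src, s.sport, s.dst, s.dport)
        for old_seq, old in seen[flow]:
            start = max(old_seq, s.seq)
            end = min(old_seq + len(old), s.seq + len(s.payload))
            if start >= end:
                continue                  # ranges do not overlap
            if old[start - old_seq:end - old_seq] != s.payload[start - s.seq:end - s.seq]:
                alerts.append((flow, start, old, s.payload))
        seen[flow].append((s.seq, s.payload))
    return alerts

# Constructed capture (documentation addresses, made-up payloads).
SERVER, CLIENT = "192.0.2.10", "198.51.100.7"
SAMPLE = [
    # Two different answers for sequence 1000: the forged one won the race.
    Segment(SERVER, 80, CLIENT, 49152, 1000, b"HTTP/1.1 200 OK\r\n\r\nconstructed-injected-body"),
    Segment(SERVER, 80, CLIENT, 49152, 1000, b"HTTP/1.1 200 OK\r\n\r\ngenuine-body"),
    # Second connection: a byte-identical retransmission, which is benign.
    Segment(SERVER, 80, CLIENT, 49153, 5000, b"HTTP/1.1 200 OK\r\n\r\nsame"),
    Segment(SERVER, 80, CLIENT, 49153, 5000, b"HTTP/1.1 200 OK\r\n\r\nsame"),
]

if __name__ == "__main__":
    for flow, seq, first, later in find_conflicting_segments(SAMPLE):
        print(f"conflicting data at seq {seq} on {flow}: {first!r} vs {later!r}")
```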

Facebook has denied any knowledge of the program, and told the National Journal that the site is now protected from such attacks:

“We have no evidence of this alleged activity. In any case, this method of network level disruption does not work for traffic carried over HTTPS, which Facebook finished integrating by default last year.

“If government agencies indeed have privileged access to network service providers, any site running only HTTP could conceivably have its traffic misdirected.”

Matt Blaze, a surveillance and cryptography expert at the University of Pennsylvania, told The Intercept he has concerns about the NSA using TURBINE and QUANTUMHAND together:

“As soon as you put this capability in the backbone infrastructure, the software and security engineer in me says that’s terrifying.

“Forget about how the NSA is intending to use it. How do we know it is working correctly and only targeting who the NSA wants? And even if it does work correctly, which is itself a really dubious assumption, how is it controlled?”

Malware installed by the NSA is capable of performing different tasks on infected computers, as this list compiled by the LA Times outlines:

Since 2013, Christian news magazine The Olive Branch Report has featured the insightful writing and reporting of Greg Holt. His writing has been featured on American Prophet, Conservative Firing Line, DC Clothesline, Godfather Politics, Capitol Hill Outsider, Sons of Liberty Media, Rev. Austin Miles, and others. Greg is also the Publisher and Editor of Inspirational Christian Blogs.


2 Comments

I find it amusing that the NSA states (without a smidgen of corruption) that “intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose.” Really? From the location ISPs on my blog’s statcounter, I am receiving hits from the Department of Defense in many different states. I am getting views from Homeland Security in different areas; from the IRS in Washington, D.C.; from the FBI Criminal Justice Information system; and that is just to name a few. Sometimes the views last for several hours. I have a Christian blog. Is that some sort of counterintelligence threat that requires our taxpayer dollars to investigate?

You said it sister! We are all terrorists you know. What a joke…you would think that the US gov. would have better things to do than monitor us. They can monitor us who have relatively small web sites, but cannot find a jumbo jet that disappeared? Uh huh.